On Jun 15, 2016, at 9:26 AM, Andre LaBranche <
dre@apple.com> wrote:
On Jun 14, 2016, at 4:46 AM, Axel Rau <Axel.Rau@Chaos1.DE> wrote:
Shall I report a bug for this?
Yeah, looks like we don't accept tcps.
I tried the most naive thing I could think of, since I believe none of the parameters we pass down to pg8000 are TLS-aware - I think it's a negotiation that happens at connect time.
Index: txdav/base/datastore/dbapiclient.py
===================================================================
--- txdav/base/datastore/dbapiclient.py (revision 15694)
+++ txdav/base/datastore/dbapiclient.py (working copy)
@@ -218,7 +218,7 @@
else:
self.port = None
self.host = None
- elif self.endpoint.startswith("tcp:"):
+ elif self.endpoint.startswith("tcp:") or self.endpoint.startswith("tcps:"):
self.unixsocket = None
self.host = self.endpoint[4:]
if ":" in self.host:
However in trying to test this, I realized that we don't build postgres with SSL support. When I added "--with-openssl" to the PG configure args (in bin/_build.sh), it blows up on me because my OS vendor totally doesn't ship openssl headers, and I'm not trying to solve that right now... but maybe I can get it going via Homebrew. In the mean time, feel free to try the above patch and let me know if it 'just works' :)
-dre